Imagine leaving your front door unlocked with a note that reads, “Back in 15. Please don’t steal the silverware.” That, in essence, is what the United States government — yes, including the Pentagon — may have unwittingly done through its long-standing relationship with Microsoft and the tech giant’s disturbingly lax attitude toward cybersecurity oversight.
Microsoft’s China-linked engineers should be setting off DEFCON-level alarms in Washington. Instead, we’ve mostly gotten silence, shrugs, and vague murmurs. According to reports, Microsoft gave foreign nationals access to parts of the software that power critical U.S. military infrastructure.
You read that right. Engineers based in China, working for a U.S. tech behemoth under no formal federal contract, had proximity to the digital equivalent of the Pentagon’s control room.
Even worse? Microsoft allegedly failed to tell the Pentagon about it.
This is no small “oopsie.” We’re talking about a company that provides essential software infrastructure to every arm of the U.S. government — military included — quietly hiring engineers from a geopolitical rival with a track record of industrial espionage, cyber warfare, and digital sabotage. If you think China wouldn’t exploit this access, you haven’t been paying attention.
Microsoft has since responded to the report from ProPublica that exposed the issue. “In response to concerns raised earlier this week about US-supervised foreign engineers, Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services,” stated Frank Shaw, Microsoft’s chief communications officer.
Senator Tom Cotton (R-AR), however, is now asking some very pointed questions, and rightly so. Why was this program not disclosed? Why were Chinese nationals permitted to work on products used by the Department of Defense? And who, exactly, at Microsoft thought this was a good idea?
The problem isn’t just Microsoft’s apparent blind spot for national security. The deeper issue is how cavalier we’ve become with endpoint protection — that last line of defense between a secure network and total compromise. Whether it’s a government agency or a private company, relying on outdated firewalls and blind trust in tech titans is like wearing a screen door for armor.
This is the same Microsoft, mind you, that in just the last year alone has racked up a staggering number of Common Vulnerabilities and Exposures (CVEs). These aren’t minor bugs; these are gaping holes in the digital fabric — many of which can be exploited with a single click. One CVE alone allowed hackers to access Outlook inboxes without requiring the user to even open an email. Just receiving it was enough. That’s not an email; that’s a digital landmine.
Add in the explosion of tech support scams, the thousands of reported phishing schemes, and malware attacks that install silently with a single mistimed click, and we’ve got ourselves a cyber hygiene crisis. Criminals and state-backed hackers alike have figured out that Americans are highly advanced at building systems, but dangerously naive at guarding them.
Want another cherry on this data breach sundae? Microsoft’s move to hire foreign engineers coincided with its transition to a “cloud-first” infrastructure. Translation: the very people with questionable loyalties were potentially helping build and maintain systems that store terabytes of sensitive U.S. government data — offsite, off-premises, and off the radar of traditional defense monitoring.
Here’s a scary thought: if you were a Chinese intelligence officer dreaming of getting into Pentagon systems, would you rather recruit a spy, build a malware strain, or just… get hired by Microsoft?
You can’t blame China for trying. The blame lies with Microsoft for leaving the vault open and pretending it’s a broom closet.
The solution isn’t to boycott Microsoft (though the pressure to modernize and secure their systems needs to be immediate and non-negotiable). The real fix lies in overhauling our government’s relationship with Big Tech. We need rigorous vetting of foreign hires working on national security products. We need independent audits of source code, vulnerability testing, and real-time threat modeling. And we absolutely need to build up our domestic cybersecurity talent pool so that we’re not outsourcing our digital sovereignty to countries with conflicting interests.
Most importantly, endpoint security must become as ubiquitous in government as badge scanners and background checks. Every workstation, laptop, mobile device, and cloud node must be locked down with zero-trust architecture, real-time behavioral analytics, and automatic quarantine capabilities. Anything less is an open invitation to espionage.
This isn’t just a Microsoft problem or a Pentagon problem. It’s an American problem. We’re letting convenience and tech monopolies override prudence and national defense. The same way we wouldn’t allow a Chinese company to handle nuclear launch codes, we shouldn’t let their engineers code the operating systems that support those platforms.
Let’s not forget: the Chinese Communist Party plays a long game. They don’t need to hack into Fort Knox if we’re leaving the digital vault open with a “Welcome” sign in Mandarin. And Microsoft, by cozying up to foreign nationals while serving American defense clients, has done exactly that.
President Trump built his first administration on the promise of draining the swamp and putting America First. That promise must now extend to cybersecurity. Our digital borders are every bit as vital as our physical ones. It’s time to hold tech giants accountable and ensure our software backbone isn’t quietly being rewritten by our adversaries.
Because when the dragon’s inside the network, it’s already too late to “build” a firewall.
* * *
Julio Rivera is a business and political strategist, cybersecurity researcher, founder of ItFunk.Org, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, is regularly published by many of the largest news organizations in the world.
The views expressed in this piece are those of the author and do not necessarily represent those of The Daily Wire.